
Dolibarr Local File Include and Cross Site Scripting Vulnerabilities

http://www.securityfocus.com/bid/47542

Security Info

Bugtraq ID: 47542
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Apr 22 2011 12:00AM
Updated: Apr 22 2011 12:00AM
Credit: AutoSec Tools
Vulnerable: Dolibarr ERP/CRM Dolibarr 3.0
Not Vulnerable:

Security Discussion

Dolibarr is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within the context of the affected application. Information harvested may aid in further attacks.

The attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Dolibarr 3.0.0 is vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

Attackers can exploit these issues via a browser. To exploit a cross-site scripting issue, attackers must entice an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/dolibarr-3.0.0/htdocs/document.php?lang=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E

http://www.example.com/dolibarr-3.0.0/htdocs/user/passwordforgotten.php?theme=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
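The two URIs above show the shapes a defender should be able to recognise in web-server logs: a `theme` value that climbs out of the theme directory with `../` sequences and ends in a `%00` null byte (used to truncate the path the application appends), and a `lang` value that closes an HTML attribute and injects a `<script>` element. The following Python script is an added example for detection, not part of the advisory and not Dolibarr's code. It parses Apache-style access-log lines (the sample lines are constructed, including one double-encoded variant that is not on the page), URL-decodes each query parameter repeatedly so double-encoding does not hide a payload, and flags null bytes, directory escapes and reflected-script markers. The log format, parameter names and thresholds are assumptions for the example.

```python
"""Flag request URIs matching the traversal/null-byte and reflected-XSS
patterns in this advisory. Added defender example; assumes Apache-style
combined access logs and stdlib-only Python 3."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample log lines (not taken from any real server). Lines 2 and 3
# carry the advisory's two example payloads; line 4 is a double-encoded variant
# added here to show why single decoding is not enough.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Apr/2011:10:01:02 +0000] "GET /dolibarr-3.0.0/htdocs/index.php?lang=en_US HTTP/1.1" 200 512
203.0.113.5 - - [22/Apr/2011:10:01:07 +0000] "GET /dolibarr-3.0.0/htdocs/document.php?lang=%22%3E%3Cscript%3Ealert%280%29%3C/script%3E HTTP/1.1" 200 1024
203.0.113.9 - - [22/Apr/2011:10:02:11 +0000] "GET /dolibarr-3.0.0/htdocs/user/passwordforgotten.php?theme=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00 HTTP/1.1" 200 2048
203.0.113.9 - - [22/Apr/2011:10:02:40 +0000] "GET /dolibarr-3.0.0/htdocs/user/passwordforgotten.php?theme=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 300
"""

# Apache "combined" prefix: client, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
# Markers of script injection in a reflected parameter value.
XSS_RE = re.compile(
    r'<\s*/?\s*(script|img|svg|iframe)\b|javascript:|\bon\w+\s*=', re.IGNORECASE
)


def full_decode(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so %252e-style double encoding is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_root(value):
    """True if the path-like value climbs above the directory it starts in.

    Segments are counted so that 'a/../b' (which stays inside) is not flagged
    while '../a' (which leaves) is. Both slash styles are treated as separators.
    """
    depth = 0
    for seg in re.split(r'[\\/]+', value.replace('\x00', '')):
        if seg == '..':
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != '.':
            depth += 1
    return False


def classify_param(name, raw_value):
    """Return the list of finding labels for one query parameter value."""
    value = full_decode(raw_value)
    findings = []
    if '\x00' in value:
        findings.append('null-byte')          # path truncation attempt
    if escapes_root(value):
        findings.append('path-traversal')     # file include outside the app tree
    if XSS_RE.search(value):
        findings.append('reflected-xss')      # script injected via a reflected value
    return findings


def scan_log(text):
    """Scan log text; return one record per parameter that produced findings."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                          # skip lines that are not in the expected format
        parts = urlsplit(m.group('uri'))
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            findings = classify_param(name, raw)
            if findings:
                hits.append({
                    'ip': m.group('ip'),
                    'status': int(m.group('status')),
                    'path': parts.path,
                    'param': name,
                    'findings': findings,
                })
    return hits


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['status']} {hit['path']} {hit['param']}: "
              + ', '.join(hit['findings']))
```

The status code is carried through because a `200` on a traversal request is far more significant than a `404`: it suggests the application returned the included file rather than failing. Note that `parse_qsl` already performs one round of decoding, so `full_decode` is what catches the double-encoded fourth line; bounding the rounds avoids an attacker-controlled decoding loop.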

Security Solution(s)

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Reference(s)

References:

Site Updated February 23, 2012
©2000-2012 Emagined Security
All Rights Reserved